darpa - trust in integrated circuits program
TRANSCRIPT
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
TRUST in Integrated Circuits ProgramTRUST in Integrated Circuits Program
Briefing to Industry Mr. Brian Sharkey
i_SW Corp
26 March 2007
Briefing to Industry Mr. Brian Sharkey
i_SW Corp
26 March 2007
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
AgendaAgenda
08000800--08150815 Introductions and AgendaIntroductions and Agenda Mr. Brian SharkeyMr. Brian Sharkey
08150815--09000900 Technical Objectives of the TRUST ProgramTechnical Objectives of the TRUST Program Dr. Dean CollinsDr. Dean Collins
09000900--09200920 Contracts for the TRUST ProgramContracts for the TRUST Program Mr. Michael BlackstoneMr. Michael Blackstone
09200920--09400940 Break Break ---- Government prepares responses to Government prepares responses to bidders first series of questions regarding bidders first series of questions regarding Contracts, Security and TechnicalContracts, Security and Technical
09400940--09550955 Teaming Website and TFIMS demonstrationTeaming Website and TFIMS demonstration Mr. Jonathan BreedloveMr. Jonathan Breedlove
09550955--11001100 Government response to bidders questionsGovernment response to bidders questions Dr. Dean CollinsDr. Dean CollinsMr. Michael BlackstoneMr. Michael BlackstoneMr. Darin SmithMr. Darin SmithMs. JoMs. Jo--Anne WebberAnne Webber
11001100--11301130 Metrics for the TRUST ProgramMetrics for the TRUST Program Dr. Dan WiltDr. Dan Wilt
11301130--12001200 Plan for government provided Test ArticlesPlan for government provided Test Articles Mr. Robert ParkerMr. Robert Parker
12001200--12451245 Break for LunchBreak for Lunch
12451245--13301330 Government response to any remaining Government response to any remaining technical questionstechnical questions
Dr. Dean CollinsDr. Dean CollinsMr. Michael BlackstoneMr. Michael BlackstoneMr. Darin SmithMr. Darin SmithMs. JoMs. Jo--Anne WebberAnne Webber
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
BAA 07-24 POC ListBAA 07-24 POC List
• Technical Questions– Dean Collins
• [email protected]• 571-218-4650
• Contracts– Michael Blackstone
• [email protected]• 571-218-4804
• Security– Jo-Ann Webber
• [email protected]• 571-218-4930
• FAQ / Logistics– Jonathan Breedlove
• [email protected]• 571-218-4255
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Systems IntegratorsSystems Integrators
POC Organization Email Phone
Mark TrainoffPanchanathanReghunathan
Raytheon [email protected]@raytheon.com
310-607-7346310-647-1219
Rick StevensHoward Schantz
Lockheed Martin [email protected]@lmco.com
651-456-3118651-456-2045
Lou ParadisoRichard PlewDavid Mottarella
Harris Corporation [email protected]@[email protected]
321-727-5399321-727-5399
Kenneth Heffner HonneywellInternational
[email protected] 727-539-4205
Perry Koch ARINC LLC [email protected] 410-266-4396
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Systems IntegratorsSystems Integrators
POC Organization Email PhoneJohn Mcdonald Rensselaer
Polytechnic Institute
[email protected] 518-276-2919
Erik Mettala SPARTA, Inc. [email protected] 410-443-8059
Donna MirandaGreg Zawitoski
National Semiconductor Corp
[email protected]@nsc.com
301-497-4247301-621-0900
David Mottarella Harris Corporation [email protected] 321-591-8634
Jeffrey Wills Altera Corporation [email protected] 410-750-3421
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
TRUST in Integrate Circuits ProgramTRUST in Integrate Circuits Program
Briefing to Industry - Technical PresentationDr. Dean Collins
Deputy DirectorMicrosystems Technology Office
26 March 2007
Briefing to Industry - Technical PresentationDr. Dean Collins
Deputy DirectorMicrosystems Technology Office
26 March 2007
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Need for TRUSTed IC’sNeed for TRUSTed IC’s
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
High Performance Microchip SupplyHigh Performance Microchip Supply
• For the DOD’s strategy of information superiority to remain viable, the Department requires:– Trusted, Affordable, Timely Supply
of Integrated Circuits (ICs)
– A continued stream of exponential improvements in the processing capacity of microchips and new approaches to extracting military value from information.
• Technical Aspects of Trusted Circuits:– Design
– IC Fabrication
– IC Packaginghttp://www.acq.osd.mil/dsb/reports/2005-02-HPMS_Report_Final.pdf
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Overlap of InterestsOverlap of Interests
TRUSTTRUST InformationLeakage
InformationLeakage
Anti-TamperAnti-Tamper
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Old Supply Chain StructureOld Supply Chain Structure
IPIP ToolsTools Std CellsStd Cells ModelsModels
SpecificationsSpecifications DesignDesign FabFab InterfaceInterface MaskMask FabFab
WaferWaferProbeProbe
Dice andDice andPackagePackage
PackagePackageTestTest
Deploy andDeploy andMonitorMonitor
Wafers
TRUSTED
Level of Control of IC Supply Process
IPIP ToolsTools Std CellsStd Cells ModelsModels
SpecificationsSpecifications DesignDesign FabFab InterfaceInterface MaskMask FabFab
WaferWaferProbeProbe
Dice andDice andPackagePackage
PackagePackageTestTest
Deploy andDeploy andMonitorMonitor
Wafers
TRUSTED
Level of Control of IC Supply Process
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
New Supply Chain Structure New Supply Chain Structure
IPIP ToolsTools Std CellsStd Cells ModelsModels
SpecificationsSpecifications DesignDesign FabFab InterfaceInterface MaskMask FabFab
WaferWaferProbeProbe
Dice andDice andPackagePackage
PackagePackageTestTest
Deploy andDeploy andMonitorMonitor
Wafers
TRUSTED UNTRUSTED EITHER
Level of Control of IC Supply Process
IPIP ToolsTools Std CellsStd Cells ModelsModels
SpecificationsSpecifications DesignDesign FabFab InterfaceInterface MaskMask FabFab
WaferWaferProbeProbe
Dice andDice andPackagePackage
PackagePackageTestTest
Deploy andDeploy andMonitorMonitor
Wafers
TRUSTED UNTRUSTED EITHER
Level of Control of IC Supply Process
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Controlled and Uncontrolled Boundaries of the Chip Development Process
Controlled and Uncontrolled Boundaries of the Chip Development Process
ASIC COTS •Micro proc.•DSP•FPGA•Memory•Etc.
IPTheft
Hidden Features
Substitution
MaliciousCircuits
Controlled ControlledUncontrolled
DesignDesign MaskMask PackagePackageTestTest
Dice & Dice & PackagePackageSpecsSpecs FabFab
InterfaceInterface WaferWaferFabFab
TRUSTED UNTRUSTED EITHER
Level of Control of IC Supply Process
ASIC COTS •Micro proc.•DSP•FPGA•Memory•Etc.
IPTheft
Hidden Features
Substitution
MaliciousCircuits
Controlled ControlledUncontrolled
DesignDesign MaskMask PackagePackageTestTest
Dice & Dice & PackagePackageSpecsSpecs FabFab
InterfaceInterface WaferWaferFabFab
TRUSTED UNTRUSTED EITHER
Level of Control of IC Supply Process
TRUSTED UNTRUSTED EITHER
Level of Control of IC Supply Process
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Type of ThreatsType of Threats
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Design FlowsDesign Flows
External IPExternal IP
SpecificationsSpecifications Logic DesignLogic Design FabFab InterfaceInterface FabFabPhysicalPhysical DesignDesign
External IPExternal IP
SpecificationsSpecifications Logic DesignLogic Design FabFab InterfaceInterface FabFabPhysicalPhysical DesignDesign
ASIC Design Flow
FPGA Design Flow
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Malicious IC InsertionMalicious IC Insertion
Processor Memory
Custom Logic DMA
Bridge
USB
PCI
Master Bus Data
Other IP
WE
Fixed
ER
Processor Memory
Custom Logic DMA
Bridge
USB
PCI
Master Bus Data
Other IP
WE
Fixed
ER
Standard IC Design
Processor Memory
Custom Logic DMA
Bridge
USB
PCI
Master Bus Data
Other IP Circuit 2
Circuit 1
ER*
WE
WE*
Fixed
ER
Processor Memory
Custom Logic DMA
Bridge
USB
PCI
Master Bus Data
Other IP Circuit 2
Circuit 1
ER*
WE
WE*
Fixed
ER
With Malicious Circuits Inserted
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Example Types of Malicious Circuit Insertions
Example Types of Malicious Circuit Insertions
011
101
ER*ERT
011
101
ER*ERT
ER*
GND ER
T
XORINV
ER*
GND ER
T
XORINV
GND ER
T
XORINVIC Malicious Circuit 1 with Trigger Always On Condition
000234235
101234234
110234233
000234232
WE*WETFixedData
000234235
101234234
110234233
000234232
WE*WETFixedData
Comparator
Data
Fixed WE
WE*T
XOR
Comparator
Data
Fixed WE
WE*T
XOR
IC Malicious Circuit 2 with Event Triggered Condition
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Program ObjectivesProgram Objectives
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Area 1 – Hardware ValidationArea 1 – Hardware Validation
• Techniques that can quickly and accurately determine whether an IC provided is the same as one available in a gold standard design– Fast, accurate, high resolution destructive
analysis of an IC– Fast, accurate, high resolution non-destructive
analysis of an IC – is preferred.– Methods that prevent or detect the insertion of
additional circuits when IC is manufactured– Methods for determining if IC’s are identical
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Area 2 – Design ValidationArea 2 – Design Validation
• Trusted Design of ASIC hardware– External IP– Logic design– Physical design– Fab interface
• Trusted design, implementation, and operation of configurable hardware, such as that provided by FPGAs– External IP– Logic design– Device programming
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Area 3 - System Integration (SI)Area 3 - System Integration (SI)
• The three phases of the program are defined by technical performance goals – not time durations– Phase 1 – primarily proof-of-principal of individual
technologies– Phase 2 and 3 will focus on integrating techniques
into a comprehensive end-to-end system capability– Component providers who desire to continue to Phase
2 or 3 of the program should form teaming agreements with a system integration team prior to the end of Phase I
• System Integrator(s) will be required for Phases 2 and 3, and may also be preferred in Phase 1 in order to ensure effective coordination
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Area 3 - System Integration (SI)Area 3 - System Integration (SI)
• System Integrator responsibilities– Define comprehensive TRUST solution for Area 1 and/or Area 2 – Direction and management oversight for integrating component
technology solutions into a system framework • System development plans, • Experiment plans (including milestones and go/no-go experiments),• Coordination of those program deliverables being produced by the
technology developers• Requirements of the SI Performer
– Strong background in design/fabrication of complex ICs—preferably at foreign foundries
– Strong background in the agile management of classified programsinvolving diverse large and small company technical performer teams
– Success in transitioning systems and component technology products into the DoD or intelligence communities
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
TeamingTeaming
• Teaming is highly encouraged• Component providers will not advance to
Phase 2 or 3 without being part of a system integration team
• Non-formalized working relationships are not of interest nor are separate technical efforts that rely on each other in order to provide a solution
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
TeamingTeaming
• FAQ: “Given the inherent increase in risk associated with a team approach that is not structured as with a formal prime/sub arrangement, formal teaming agreement(s) must be provided as part of the proposal submission(s) in such instances. The lack of such agreements would be considered as an unacceptable level of risk during evaluations of Tech Area 1 and 2”– The lack of such teaming agreements may be considered an
unacceptable risk– It is recognized that there may not be sufficient time for
formal teaming agreements to be executed prior to submission of proposals lacking a prime/sub relationship
– Proposers should provide evidence that formal teaming agreements will be in place prior to contract award
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Security ConsiderationsSecurity Considerations
• Continued research on some technologies developed under this program may require security protection in order to continue, especially when integrated within a broader system framework
• DARPA has determined that research resulting from this program will present a high likelihood of disclosing performance characteristics of military systems or manufacturing technologies that are unique and critical to defense; therefore, any resulting award will include a requirement for DARPA permission before publishing any information or results on the program.
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Technical Goals and ScheduleTechnical Goals and Schedule
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Government Support TeamsGovernment Support Teams
• Red Team– Led by MIT- LL– Identify different classes of malicious circuits – Establish techniques for malicious circuit insertion within test
articles• Test Article Generation
– Led by USC- ISI– Will use MOSIS to access commercial foundries to generate HW
test articles– Will use standard design tool applications for design SW test
articles.• Metrics Team
– John Hopkins University – Applied Physics Laboratory• Methodology for establishing metrics at the transistor and IC level• Work with performing contractors to vet and formalize metrics
established for Go/No-go experiments
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
TRUST Program Goals(transistor level metrics)TRUST Program Goals
(transistor level metrics)
*Combined man hours plus wall clock time.
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
TRUST Program ScheduleTRUST Program Schedule
Phase 1 Phase 2 Phase 3Government Team
Red TeamThreat & Insertion Def.
Generation of Test Articles
Metrics
AttackSpecifications
Modified AttackSpecification
Design Test
Articles 1
FabricateTest
Articles–1
MetricsAnalysis
Monitor Performer Tests
Monitor Test ArticleGeneration–1
Modified AttackSpecification
FabricateTest Articles–2
FabricateTest Articles–3
T2Specification
T3Specification
T1 T2 T3
TRUST 1 Go/No-Go
Experiments
TRUST 2Go/No-Go
Experiments
TRUST 3GRAND CHALLENGE
Experiments
T1Specification
MetricsAnalysis
Monitor Performer Tests
MetricsAnalysis
Monitor Performer Tests
Develop
Test
Performer Teams
Hardware Validation
Design Validation
System Integration
Develop
Develop
Test
Develop
Develop
Test
Develop
E1 E2 E3
E1
Sample Test Articles
Major Go/No-Go Experiments
Monitor Test ArticleGeneration–2
Monitor Test ArticleGeneration–3
Design TestArticles 2
Design TestArticles 3
Pre-Award
Sample TestArticles
T0
E0Sample Test
Article
E0
Phase 1 Phase 2 Phase 3Government Team
Red TeamThreat & Insertion Def.
Generation of Test Articles
Metrics
AttackSpecifications
Modified AttackSpecification
Design Test
Articles 1
FabricateTest
Articles–1
MetricsAnalysis
Monitor Performer Tests
Monitor Test ArticleGeneration–1
Modified AttackSpecification
FabricateTest Articles–2
FabricateTest Articles–3
T2Specification
T3Specification
T1T1 T2T2 T3T3
TRUST 1 Go/No-Go
Experiments
TRUST 2Go/No-Go
Experiments
TRUST 3GRAND CHALLENGE
Experiments
T1Specification
MetricsAnalysis
Monitor Performer Tests
MetricsAnalysis
Monitor Performer Tests
MetricsAnalysis
Monitor Performer Tests
MetricsAnalysis
Monitor Performer Tests
Develop
Test
Performer Teams
Hardware Validation
Design Validation
System Integration
Develop
Develop
Test
Develop
Develop
Test
Develop
E1E1 E2E2 E3E3
E1E1
Sample Test Articles
Major Go/No-Go Experiments
Monitor Test ArticleGeneration–2
Monitor Test ArticleGeneration–3
Design TestArticles 2
Design TestArticles 3
Pre-Award
Sample TestArticles
T0T0
E0Sample Test
Article
E0E0
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Proposal RequirementsProposal Requirements
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Contractor ProposedMilestone Schedule
Contractor ProposedMilestone Schedule
I1
TRUST 1 Go/No-Go
ExperimentsTRUST 2 Go/No-Go
Experiments
TRUST 3GRAND CHALLENGE
ExperimentsE1 E2 E3
Performer Teams
Hardware Validation
Design Validation
System Integration
Phase 1 Phase 2 Phase 3I1 I1
GFE Test Articles
GFE Test Articles
GFE Test Articles
Time (months) Time (months) Time (months)
Cost ($$$) Cost ($$$) Cost ($$$)
MS 1 MS 2 MS 3 MS 4 MS 5 MS 7 MS 8MS 6 MS 8
E1 Major Go/No-Go Experiments
Develop
Test
Develop
Develop
Test
Develop
Develop
Test
Develop
I0
SampleGFE Test
Articles
E0
E0
Sample Test Articles
I1I1
TRUST 1 Go/No-Go
ExperimentsTRUST 2 Go/No-Go
Experiments
TRUST 3GRAND CHALLENGE
ExperimentsE1E1 E2E2 E3E3
Performer Teams
Hardware Validation
Design Validation
System Integration
Phase 1 Phase 2 Phase 3I1I1 I1I1
GFE Test Articles
GFE Test Articles
GFE Test Articles
Time (months) Time (months) Time (months)
Cost ($$$) Cost ($$$) Cost ($$$)
MS 1 MS 2 MS 3 MS 4 MS 5 MS 7 MS 8MS 6 MS 8
E1E1 Major Go/No-Go Experiments
Develop
Test
Develop
Develop
Test
Develop
Develop
Test
Develop
I0I0
SampleGFE Test
Articles
E0E0
E0E0
Sample Test Articles
Time duration of phases is to be determined by the proposer.
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Key AssumptionsKey Assumptions
Is a gold standard assumed? By this we mean that there isa preserved reference item of a known trusted design ormanufactured part that can be used to assess the trust ofthe item in question.
What are the measurement points to determine theeffectiveness of the technique?
What is the insertion point of the technique?
With regard to the controlled and uncontrolled boundariesshown in Figure 3, what parts of the process are bettercontrolled because of your technique?
What are the inputs required and output set of informationcreated?
Is the technique applicable to ASICs and/or COTS(FPGAs)?
To what element(s)/process step(s) of the process flow does each technique pertain? See Figure 3.
ExplanationKey Assumption
Is a gold standard assumed? By this we mean that there isa preserved reference item of a known trusted design ormanufactured part that can be used to assess the trust ofthe item in question.
What are the measurement points to determine theeffectiveness of the technique?
What is the insertion point of the technique?
With regard to the controlled and uncontrolled boundariesshown in Figure 3, what parts of the process are bettercontrolled because of your technique?
What are the inputs required and output set of informationcreated?
Is the technique applicable to ASICs and/or COTS(FPGAs)?
To what element(s)/process step(s) of the process flow does each technique pertain? See Figure 3.
ExplanationKey Assumption
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Contractor Proposed Experimental Goals
Contractor Proposed Experimental Goals
* Combined man hours plus wall clock time
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Task BreakdownTask Breakdown
• The technical effort must be defined with sufficient granularity to enable DARPA to select part of the work if desired
• Identify which tasks/subtasks are severable and which tasks/subtasks have interdependency
• Each severable task/subtask must have individual metrics-based goals for each of the defined phases
• Costs must be defined at the Task/Sub-task level and for each program phase
DARPA may reject an entire proposal if there is insufficient granularity of costs and goals for the individual tasks proposed
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Program Plan Matrix Program Plan Matrix
Total
Phase Total
Pd, Pfa, T,CC
Pd, Pfa, T, CB
Pd, Pfa, T, CAPhase II
Phase Total
Pd, Pfa, T, CC
Pd, Pfa, T, CB
Pd, Pfa, T, CAPhase II
Phase Total
Pd, Pfa, T,CC
Pd,Pfa, T,CB
Pd, Pfa,Time, Cost,
Etc.Labor $,
M&S $, Sub $APhase I
Key Personnel
Task Interdependencies
DeliverablesExpected Go/No-GoDefinitions
Go/No GoCriteria
CostBreakdown
TotalCost
Descriptionof Work
TaskPhase
Total
Phase Total
Pd, Pfa, T,CC
Pd, Pfa, T, CB
Pd, Pfa, T, CAPhase II
Phase Total
Pd, Pfa, T, CC
Pd, Pfa, T, CB
Pd, Pfa, T, CAPhase II
Phase Total
Pd, Pfa, T,CC
Pd,Pfa, T,CB
Pd, Pfa,Time, Cost,
Etc.Labor $,
M&S $, Sub $APhase I
Key Personnel
Task Interdependencies
DeliverablesExpected Go/No-GoDefinitions
Go/No GoCriteria
CostBreakdown
TotalCost
Descriptionof Work
TaskPhase
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Items Required to be Responsive to the BAA
Items Required to be Responsive to the BAA
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Template for Quad Chart Template for Quad Chart
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Sample Slide Format Explaining Technical Proposal
Sample Slide Format Explaining Technical Proposal
APPROVED FOR PUBLIC RELEASE – Distribution Unlimited
Question ProcessQuestion Process
• Please write your questions down on 3” x 5” cards• Place the question category at the top• Place your questions in the box out on the
registration table• We will attempt to answer as many questions as time
will allow• Answers to all questions will be posted on the BAA
07-24 FAQ page• www.darpa.mil/mto/solicitations/baa07-24/index.html